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[-2-41 



44^ ^ 44 4"§-*H 7l«>^ o}^ ^ f] M 

€:-§■ 4444 ^*J*Kr ^5LS#2] 431 4^4 44 4°14. «<HH14*r, 

44, 4#°ll €-£-4 4^ 44 D 14» -i4^4. ^-^Ji, 3. ^§44 44 

nlEjofl 4444 A}-g-x}7> <y^5. ^ 4^4°}, 4"§-*> ID, ^44 
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-g-S>4 A^ 7 > A-^4 ^ 7fl7l ^o. o^^-ofl cfltb #4(Auth)4 A^sq- A>^>6j|7fl 

4 1*:44^ 4 -£4^1- ^3444 44 S(Y)AS 4^44 uflAl^S a>^Ht!1 

l£\H4. 4-&44 ZL Auth# ^#Sfl4 44» 4^4^, A-^4 A}-g-44 
4^ ¥4 4444 44 &( C )4 414 4(SK)# 44 ^, A}~g-4 4^g- 4*fl 
^4 4KB)* 4444 4^44. n 4 A>^H1 tfl* 4^4^ 444 
(V)7> ^44 A^ 7 } C # 4 -£44 ^ B* 3^4^, SKM: 4444 414 71 # 

ia444. 444, 4 ^^r, 44^ <8 44 ^ A>-g-4^A^ a. 

4M7>H ^4 i^^°l 4^4-^4 7l^4s.s4 444 4^ 5? ?1^4# 4 



4^ 44^ ^ 44 ^8, 4^4 = , 4-§-4 4^, 4 ^4 
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3) Hh^ {METHOD OF DESIGNING PASSWORD BASED AUTHENTICATION AND KEY EXCHANGE 
PROTOCOL USING ZERO-KNOWLEDGE INTERACTIVE PROOF} 



£ 2^ ^>-g-^> -4^ ^ 7) JE^; Sefl^SHl RSA ^ 

*H-g-B 3 -§-?!: nsstt M-bJ-^H S'S. 

a-w-ojl ^ y-^o] gig* 

50 : ^>-§-^V 60 : >^ 
100 : g^ 
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(Zero-Knowledge Interactive Proof)* °l-g-tr sfl^ = * ?1 

o] afl^s.^ *R}^ Al£-i- 4 s £1-2- , °1^ ^> 

<9> aV 7 ]^ ^ol 3fl>^t=# o]-g-^. AV-g-^> o]^, ^-Ajofl %Va^Hr ¥ ^*l|7} 

^fr^f. °H, ^^^1 ^-£Lfr ^Ji °l^°fl <=>Hr?i ^^LS. A o V ^«oMl7fl 

#*fHfe ^tf. SE^r, 3fl^^« ol-g-tr ?1 ^M, #<^*Hr ¥ ^1 

7} 7l# ^-fi-SRr ^trCf. °H, £^7>7> ol 7l» ^ 

<10> £E*V, jflA^jcfe rfl%l7l ^7fl7l <y-jL ^Bfl A}-g-£] ^ 7l ^ 

*fl-f ELX) ^O.JE.S 3fl^^* °l-§-^ ^1 
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<n> ^ ^r-§-*r ?]3-*\ sfli^ 

= ^>^^H ^siM-, ^°1H^ ^^^o] ^ 

^(offline dictionary attack)^ *l)-f #}^tr ?J <£3^ o]^- h^*> 

7} Tom Wu^ SRP, David Jablon^ B-SPEKE, Bel loving -^^ EKE <S 

TflSl^c]-. 71^^ a>-§-^> o]^ Jfli-flH.* °l-g-*Rr ^-f 

^V^o] ^3 o. s ^e^l^ EKECencrypted key exchange)^ 

°1 ^1^5)^^ tfl^ adhoc -gTlHl sl^VJl SZrf. 

-§-*Hr ^-f 4-§-*f^l ^^JI ^}J=9}EL ^ ioj 

S^-i: A>-g-^>7> ^Sfl^Rr rcf^cf. t4^i, ^aJM^ofl <^<5}^, sfl 

oj-g-^ o]^ ^ 71 JH^r £^£§2] ^Slf-# afl^SM 



^T^H, ^7l^ ^ ^1^# «fl^5>7l $I*IH, £ ^-gr, A}*} 

tq«q ^*j-^<y 7 ^^ f adhoc ^^j. 0 >vi sfli 

$| = 7lti> oj- £ S£f ^7111- 7^*1-7)1 *Krt-fl *}l4£l -=-^o] olCf. 
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•3 2002/1/9 



<15> 



iEth ^ ^-^^r, ^ ^*Rr sfl^JE. 7]*V«\ ^ J2^ 



<16> 



Xt*}^, ¥ ^^r, Xj *H sfl^E- 7) 



^£r, ^ Xj *H ^<>i^-S: Xl^ ^ 71 JuL^r H 



^ f =r Sir y o V ^°lc|-. 



<i?> ^e>7i sin -g- tn^-^ <3 *i^i ^* <>i-g-*> *n 

71^0] o]^ ^ 71 JEL^- ^7^1 ^l^W. °1 a J-^^, Xl 

Xl#<Hl ^ ^1^^ sH^l^l- ^tb^. n ^, zi sl-el-ni 

B\o\] ^Tj*}^ a>-§-^>7> <ya)S. 31^ ^(r, x)«- ^e?*}^, Al~g-*> ID(IDuser), 
f-^r(OWF)!- 3-§-*lW <g^- Al^^oi ( A =0WF(r)), ^ ^^1^ a^HtH 
X> <a^^m 1 €£r^r ^ 3KX)-°JL ois.^^1 Ai^ollTll ti\flcf. 

Ol Jilfl^I ^Alxll- Ol-g-^ A^ 7 > A^o] ^ 7fl7] ^ o. ^ ^ 

(Auth)-4 a^s)- AV-g-^Hl^^- <a-^^- an 2 ^ S;(Y)1S o]^*! 

^1^1^11- ^V-g-^HlTll ^>-8-^>7> #71 AuthS 3#*lW ^tHl- Xl^fJI, 

A>-g-*>i£ o}^ s-^ o}*l7l^ ^.A mc)A 7l(SK)» 

. olS>f 7j-ol A^<4 Af-g^}^ O}^ «1^ ^ oi^7l^ &0_ig. Xl*fl ^-S^ 
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o] a\^^ ^ ^ flr*. n t|1a> o]^.g. <H*fl 4=-23*> ^(B)# 

*1«W?II #^nf. ^ A>-g-*Hj cfltb Jfl^H ^^(V=0WF(f(P))7> til^elofl 

^7> ^7} ^(B)l- ^-71 A, V ^ c» *l-g-*fl ^^>JL, SK# 7^1 
<*| ^ 711- °H tfl^ <3 *H ^ 

<is> se*}-, ^ofl^^, £ ^efl^ofl rsa ojA]- cfl^ ^ i 

71 &^H1 tfl-g-^711 ^>-g-^>7> ^-^7} ^(B)l- q-S^ ^J7 ; o]e^ ^ S 4 

€" ^-^7} ^ofl cfSTj) Ojs-o., ol^ofl A^fr] A|tg 

$51, 7]A1 ^o] £ 4^] Afl S ^ o]^ ^ 7 ] xc M 

7l» S^V^r i^o] ^ahi^ %v^> 
<2i> E. l£r sfl^^# ^ 71 jS^ HSS#^1 ISll^f £^1*1 
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2002/1/9 



<22> 



» P]^ >g>8*fl ^4(100). A>-g-^>S5f Ai«l^ ^O.^., A] 

-g-^fl ^>-§-7>#°l ^cf. wfl^r ^-(multiplicative 

group) Z* P M- b}-^ ^Ajaf ^ -B-tt ^l-o^, g^r ^1- 

^5 ^7) (generator )olcf. ^<>]H^ #2)^ afl^r S7l^-|- n*5frch OWF 

fe- ^(oneway function)^, A ^]it1^e, 

RSA(Rivest, Shamir, Adleman) tfl^ £-*Hl A 

^ 2^r ^9l^r <a« 0 >%> ^ tr^^H 

^l^^l^^m, <>l^ 4^ ^-^Hl 7)^*V aflo^TE. ^o} 

^-g- tBt^t. f(P)^ sfl^^ PI- OWF 5} <^&M if 

e^^r ^°lJL, ^# 7>^ V(x)tt x# 71 VS rfl^7l 

^JlsHrTr 33, V-!(x)^ xl- 7] VS. rfl^l7l 3* o} 7 H 

, rfl%i7l <y-s^ ^ <£3^ DES, 3DES, RC5, AES € ^ 91^. HQ^r sha-1, 

md5 f-Sj ^f-n^lJI, 11^ ^(concatenation)^- sHtr^. 
<23> £ ld\]x] A>-g-^>o] ajig ^J±^r Sfl^^olJL, ujig ^iL^ z| A> 

-g-*H tfl^ sfli^lH 3-<?l*r V=0WF(f(P))7> ^cf. 
<24> £ icflAi A}-g-*}(50)^r A>-g-AV IDdDuser), r-i: *}^SfH ^ 

^tr(lOla) A=0WF(r), ^ xt 7il^>tr(101b) *\ 

A>^>6fl7fl^V IrsH^ ^-S- X=V(g*)» Itl^ 

1- ^^(60)<Hl7ll €#W(101). °H1 i^Sr, ^ 7l HL-§ 



1020010081105 2002/1/9 

<25> #71 °1H*1* ^ ^(60)^, n. oflAl^l- ol-g-^ y# 

-9^«H 31#tb ^7fl7l cfltl: ^ 

Auth=H(K' IU)(102a)4 ^}o|7|^ ^B^lfe >S^# ^tt 

Y=V( g y)(102b)« 5^ *>-8-*K50)°fl7fl #*fc$tKl02). ^HH, 

Auth=H(K' I ID^r K=[V-l(X)]y, K'=H(K| |g*| | g y| |ID User l HDserver)* 0 l^B A i 31 

£^(random chal lengeXS^J: 103b«*IH ' <:')-§- tH#*KE^- sfl^cf . 
<26> >H»K60)3JjMH #^(102) ^1^1^11- ^ A>-g-7K50)^ cf-g-^, K^tV" 1 

(Y)] x , K'=H(K| |g x | |gy| UDuserl UDserver)* 7fl#*lH Auth* <>1 3^ 

^4, ^i»1(60)7> 5fl^= sj-o]^]- VI- <£zl *>-8-*K50)fe ^ 

oi^o. <g.^ ^ $I4(103a). nejn, A>-g-7>(50)^, #71 Asq- 
TSK=H(K' I 10)1- °l-g-*fl C =H(TSK| |A)-fr 7H#*Vt}. °H, a]^ ^71^ 

*8*Hr ^Misl ^7} ^*8*Hr ^*fl <y A>-g-^Hl 711 fl*n 3 

^Hf7 £^(^"71 C » ^)^T 7>iWl<4 Af-g-^j-ol; *V£-S. iL^-i^Sl 

^^1: ^ 4 s SI 4. °)^- ^#*Kr £ 2, £ 3 ^ JE 4ofl^ 
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<27> ol<4 £o] ^, A>-§-^^ -S-z^ ^ B» c, r ZL^jL *R1°1 7} 

*}3L & tt afl^jE. PI- o]^^ tII^ ^ ^wl^Tll ^^cf(103b). o>*el, 
A}-g-*Hr, *\]# 71 SK# SK=HCK f I |AI IBI |2)<H| ^ Til 103c ) . #7] M) # 

*3 #7ll 103a 103cS. <>1^-<H^, *}-&x}7} ^*H» ^l^V^l, ^-3*} t B» 
^*Rr 4^(103)* ^HW. 

<28> ^Bl(60)^ c=H(TSK||A)» 711 ^>J1 ^7}^ B» A, V, c» °l-g- 

*H ^1 ^ ^4, ^^*>^ A >-S-^> $h§.^tKl04a). 

ZlBlZL, Aiwm 71 SKI- SK=H(K' I IAI IBI 12)^1 ^sfl ^tb^KHMb). °] H 

Sit ^S. ^}-%-7}9\- A>olofl ^71^- SK=H(K' I IA| |B| |2)olrf 

(104). 

<29> £ 2^r £ 1^ ^ell^^ofl rsa S-^ll* ^-§-*l ^SS#o]tf. £ lol] 

a-1 a^*). Al^efl ^^sj. £ - ^-o. o^^s w.^o] ( n=p * q> RSA 

^7fl7H4. olnfl, p> q ^ RSA ^^Mjt., 

0WF(r)=r e mod n ^cf. f(p)^ sfl^iE. PI- lg(n) bitsS. ^-3}^4r tT°14 
(200). 

<30> J£ 2 oflA-l A>^-^>o] Hl^ ^ti^ Sfl^^^^ol J7 ; A^o] Z\ A} 

-g-^Hl ^ 2fl^=. 3^1 *V V=[f(P)" 1 ] e mod n7> ^cf. 
<3i> £ 2 *IM A>^>(50)fe A>-g-*> ID(IDu S er). r^r <$S>)3. ^ 

<+3K201a) *l^*r A=r e mod n, ^ x* <$2\3- 7H#tK201b) 

a^<4 AV-g-^HlTfl 1 ?]: £3*1 *J^r ^ X=V(g x )# S^-tb ^1^1 

*1* ^1^(60)^711 ^^^(201). 
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<32> 



#71 ^1^1^11- ^ a^(60)^, zl oflAl^l- oj-g-^H €^ y« 



0 J^JL ^HM^H ^i^^l ^7fl7] ^i-fM^ofl ^ ^ 

Auth=H(K , ||l)(202a)^ A}-g-7Hl ?\) ^ 

Y=V(gy)(202b)* S.^ ^a]*]* A>-g-^>(50)^]7fl ^^^(202). SHH, 
Auth=H(K' | |l)fe K=[V" 1 (X)]y ( K'=H(K| Ig^l | g y| lIDuseJ UDserver) * °l-8-*«H 31 

/*1«K60)3.-»M ##=1(202) oflAl^l- A >^H50)^ K=[V-! 

(Y)] x , K'=H(K| lg x l |gy| HD User | UDserver)^ ^SlH Auth» 3^^h °1 3# 
^^>^ *W60)7> sfl^= VI- <&J1 ^-g-^r A>-g-*K50)fe SKi 

*l QS-'g 4 s &i=K203a). ZLS^Jl, A>-g-^>(50)^, #7l A^- - 

TSK=H(K" I I0)S c=H(TSK||A)# Tfl^-^cf. ©H, c ^r ^l^ 

^7} S^, ^til^O] ^ A^ c^T ^^^BflS. A^oflAi A]-g-A}.§. # 

3}3Hr ^3 A|ttl<4 AV-g-T.}^ o>^ c^r^cf. °12}- £o] A>-g-A> 

^ ^ Bl- ^#t!r C, r H^JL A>A]o] ^tt sfl^IE. PI- Oj-g-^fl 

Ai Tfl-iV ^ A^oflTll ^l^t!:T=f(203b). o]ttfl^ ^aJ- ^ B^r, B=r*f(P) c mod n°l 
t}. A>-g-^ ( ^ 71 Sm SK=HCK' I |A| |B| 12)^1 21*11 31^^ (203c) . 

#7l Afl 203a ^*1 203cS <>l-?-o^, A}-g-7>7l- a^*- 91^}^-, ^ 

a> ^ B« ##*Rr ^(203)# 

Ai ^(60)^ c=H(TSK| \Am jl A]-g-7>^ -S-^aHt B» B e *Vc=A mod n 
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(204a). =LZ\5L, *\*\& ^ ?1 SK# SK=H(K' I I A I |B| |2)°fl tH^W 
(204b). °1 HSSf #JL ^, A}-g-A}£>J- A}tf| a>o]o]] 
SK=H(K' I IAI IBI 12)^1^(204). 
<35> ^ 3^ ##tr £ 1^ Sell^^oil o]A>cfl^^ (Discrete Logarithm 

Problem)!- ^-g-*l iS.£#olcf. ^ iofl^| -£^*r S.^- ^ 

*1» 7>^H, p-io] e ±^ q» ^l^rS. $fe ^ojcf. a ^r Z* q ^ ^S^H 

jl, cj-el-A-] 0WF(r)=a r mod p o]t\-. f(P)fe afl^JE. P# lg(q) bitsS ^S^tt 
i}(300). 

<36> S. 3<M A>-g-^V^ ^$-T= Sfl^^^^o] Jl > A^o} O]^ Z}- A} 

-§-aM tR^ sfli^ V=a- f(p) mod p7> 

<37> £ 30^ A>-g-^>(50)^ A}-g-A r IDdDuser), r# 3l 

-t>*K301a) Al^^ a= a r mod p, ^ x# 3l^>tK301b) 

A>.g-AHl7fl^: "£3*1^ ^-g-^ ^-§: 3tr X=V(g x )l- ^a] 
*1» ^*U60Hl7fl ^1^^(301). 

<38> Aj. 7l nflAlxll- «VO. A ^ (60) - ! ^ nflAl^# y# 

3l^tr ^7fl7l i-B-^^-ofl cfltr 

Auth=H(K , IU)(302a)4 A^sf A}-g-*H| ?fl ^ £3*1^ ^* ^tr 

Y=V(gy)(302b)» 2.^® *IM*1* AV-8-^X50)^>H 3^^(302). $HH , 
Auth=H(K' I |l)fe K=[V" 1 (X)]y, K^HCKllgXllgylllDuserlUDserver) » °l-§-*fl A i 31 
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<39> ^(60)3.^3 34^(302) *fM*l* ^ A>-g-^>(50)^ chM, K=[V" 1 

(Y)] x , K'^CKllg^llgylllDuserlUDServer)* Auth« ^#*V^. *1 3^ 

£4. ^1tH(60)7> sfl^JE. 3K1a> V* QJL ^-S-* A}-§-*}(50)^ ^ 

^ A ^ <y^g- ^ &t].(303a). ZL^Jl, A}-g-*K50)fe, ^ A ^ 

TSK=H(K'||0)» °l-g-*fl c=H(TSK||A)» 31^4. °H, ctt 3*171 3} 

=£3^ 34-^ ^ °>fe c&°14. £ d l 31^> a>-8-*> 

xr B* c, r ZL?]JL 7}x|a zfl^jEL P# o]-g-^ 

*l 31^ ^ >H *H Tfl #^tW303b). <^H^ -=-3*} ^ Bfe-, B=r+f(P)*c mod q 
o]4. o>^, A>-g-*}^, ^ 7 ) SKI- SK=H(K'MA||B||2H ^ ^^tf 
(303c). 4 v 7l Afl ^ 303a ^fl^l 303cS ^l^-^^, A >-§-^>7> A^-i. <y^*> 

oL, -=-3 a} ^ B# *i**Hr 4^(303)* ^*Jt4. 

<40> ^tH(60)^ c=H(TSK| |A)« 7fl^}JL s-^x>^ B# a B *V c =A mod p 

.» °l-g-*iH ^. 3^ ^4, A >^> *!^°1 #3.^4 

(304a). nelJl, Afl^S 71 SK ^. SK=H(K' I |A| |B| |2)°fl 

(304b). °] ^.g. ^, Al~g-A}<4 A-^vH A>ol^ 4^71^ 

SK=H(K' I |A| IBI |2)oltf(304). 

<4i> 5L 4fe £ 1^ 55fl°^ J i ^91^ £-*Hl 7l^*V 3 

-g-*V i5.£#o]rf. £ ioflA-1 ^tg^j. Al^Efl Aj^sf 3.^- 7}*H, 



27-14 



1020010081105 #^ 2002/1/9 

(n= p*q)ir RSA *7fl f] o] t±. o}-^ 0WF(r) = r 2 mod n f(P)fe sfli^JEl P 

* lg(n) bitsS feBj^r ^r°l£K400). 
<42> 3£ 4°1H ^>-g-^>^ w]^ ^iLfe ifl^^^olji, a^o] ti]^ ^iLfe- z}- A} 

<43> [V^tfCP+l)" 1 ] 2 mod n, V 2 =[f (P+2)-l] 2 mod n, V 3 =[f (P+3)" 1 ] 2 mod n 

VHKP+k)- 1 ] 2 mod n, V=H(Vi,V 2 V k )]7}- ^cf. 

<44> £ 40^ A>-g-^>(50)^ AV-g-^ ID(ID User ), &&^r r# >5d^3H Tfl 

^tK401a) A= r 2 mod n, ^ x# -id^*IH 711^(40 lb) 

^ (60 HI 7fl ^i^«l-cf(401). 
<45> a o v 7 ] nflA]^ igvg. a^(60)^, H ^H*]!- oj-g-^ y f 

<y^S ^i^^H ^1^*1 a^o] ^ 7fl7] tfl^ 
Auth=H(K' I U)(402a)2l- ^tfj^- A)~g-AH] TflcO- <£^a]^ 

Y=V(gy)(402b)l- nflAl^m A>-g-*K50H7fl ^^(402). $H]^ , 

Auth=H(K'l |l)fe K=[V- 1 (X)]y, K'=H(K| |g^| |gy| UDuserl HDserver) 1" °l-8-3H 31 

<46> ^(60)5.^ ^4^(402) ^1*1* «>£r ^~g-7}(50)^r K=[V-! 

(Y)]*, K'=H(K| |g x | |gy| HDuserl UDserver)* 31#*fl A 1 Authl" °1 ^ 
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^ *\*\ QTL^r ^ ^cf(403a). =L?)JL, A>-g-*}(50)fe, <#7) A9\- 

TSK=H(K* 1 10)# c=H(TSK||A)# 31^4. °H , cxr ^^7l^ 

?}*Rr ^3 A^S}- Aj-g-;^ O}^ c^^l^. OT^- 7^-0] TflAl A}-g-*} 

^ ^ B# c, r zl^JL 7}x]JL sfl^lJE. PS °l-§-*fl 

*1 31 # ^ A^oflTfl ^^W(403b). ^2] ^-^^1- ^ B^, 



<48> o]cf. oj-g-el, Af-g-^Hr, ?1 SK« SK=H(K'I IAMBI 12)^1 ^*1) 

3l^4(403c). o]^7fl A>-g-^ 7 > a^* <?1#^, ^-3*} ^ B« ^i^ 
*}*r *H3(403)# *M8^t]-. 

<49> Ai^(60)^ c=H(TSK| |A)-fr ^1^>J1 A>-g-x]-^ -e-2^K- B1-, 



<51> 1- o)^^ ^*Vtf. ZL ^ ^-4, <$^f>}& A^S] A>^> ol^ol ^ 

^tK404a). ^JL, A^^ A-flA^ 71 SKI- SK=H(K* I I A I 1 31 12)4) 
(404b). o] ^ -f , 

SK=H(K' I |A| |B| |2)olc}(404). 



<47> 



B = r*f] f ( p + i ) Ci 



<50> 



A=B 2 *[]V i c, modn 
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<53> 



£ ^*fl i^H^'y ^>^i ^(Offline 



dictionary attack)^! ^^r^f. 



<54> 



oicf. ofl^. =-o^ o]E^ ^fillf A}-g-£)^ TLSCTransport Layer 

Security)(IETF( Internet Engineering Task ForceHH afl^tr A% 

<r SE^b IEEE 802. Hi ^l-ofl^ fe^^ji °Xt= £ IJ:^ 

-g-g-^ ^£ $Z^f. 

<55> UNIX^l ^V-g-^V ^r^^r ^ rfl^l^- oicf. 

<56> ol^Tfl ^-jr -§-g-*Kr 3 ol^iE, ^ ^Ofl^ ^Al*V IS)] 
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«H, *>-8-*> ID, ^«o v ^ f-^r* ^-g-tb Al^^r(A=0WF(r)) ( ^ ^t^^ A}-g-7Hl 
*fl 2 4^4; 

^-71 nflAlxll- ol-g.^>c^ A^7> A^o} ^ 7fl?1 ^JjLofl ^tg 

(Auth)4 A>-g-7Hl7ll^ ^Bi^l^r 2 ^ &(Y)iLS. ^ 

*1H*1«- ^-g-^Hl^i] nib ^ 3 4^4, 

#7] Auth# ^wiS ^^V^, <?i <3 *H ^ 

ojH A^S}- A}-g-*}n]; o}^ ti]^ ^ 71^ ^JZ). ^( C )4 *\]& 7l(SK)« 31 

av ^ ( A >.g-x> <y#-i- ^sfl 4H.^7> ^(b)# a-witi] 4 

A ^}-§-*Hl ^^r sfli^JEL ^- < ?l^|-(V=0WF(f(P))7> a^ 7 > Aj-7l B« 

^-7] A, V ^ c» ^l-g-sfl ^^JI, SKI- 31^V*H 4^ 711- 51^>^ ^ 5 4 

^ <^ ^ 71 ill* Silt ^711 
[3^* 2] 

^1 1 *CH1 
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[3^8- 3] 

*n i sa°H, 

[3^8" 4] 

*H 1 ^1 5^1, 

#7] f-^r7> RSA 7l^tlr ^ sfli^JEL ^<y*Vl- 

V=[f(P)-!]e mod n 3. ^ ^Sr <3 *H 

Kflri^H. 7ltiVS] <?i^ ^ 71 JE^; ^7^1 ^(<^7H, (n=p*q(p, q^r 

RSA^), eC^r))^ RSA ^7fl7l ^1 Ji, f(p)fe ifliflH. P# lg(n)bitS 

5] 
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#7) ^(B)» B=r*f(P) c mod n AS ^ ^ ^ tfls}- 

*£} <g ol-g-^1 sfl^iE. 7]a>S] g 7l UI^; ^Tfl 

^(^H, c=H(TSK||A), TSK=H(K'| 10), IHV^CX)]*, K'=H(K| |g x | |gy| I ID User 

I UDserver. H( )^ «fl^^°J). 



6] 

A] 5 SU^i, 

^-71 43-3*1- ^(B)^ Beyc=A mod n * <>l-§-^| ^^Vtt ^ ^ 

AS. s}^r cfl^^ <3 *1^ °l-g-^ sfl^jE. 7la}^ ^ ? 1 JE^- £S 

S# ^Tfl ^(^H, c=H(TSK||A), TSK=H(K'| 10), K=[V-!(Y)] X , K'=H(K||g x 
MgylllDUserlllDserver). 

7] 

4 l %H1 5U<H*1, 

V=a- p (p) mod p S 5fe ^ ^ tflsl-^ ^ *H afl^ 

$] = 7l^ ^ 71 H£f ^Tfl ^(^H, a ^ Z* q ^l ^^71, p 

^ f(P)^r PI- lg(n)bitS %^ 0 J). 
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8] 

X] 1 ^ XI 7 

-=-3*} ^(B)# B=r+f(P)*c mod q 3. ^-§- ^^S. *>fe cflsj-^ 

^ *]*\ ol^-*V sfl^H. 7] a! Si o]^ ^ 7] JUJg- ^Tjl 

7^, c=H(TSKIIA), TSK=H(K'II0), K-[V" 1 (X)]y t K'=H(K| |g*| | g y| | ID 
User IIIDserver. H( )fe Sfl^^r^). 



[3^*8- 9] 

XI 8 %H1 Sl^H, 

>8-7l ^3*} ^(B)^ a BV<==A mod p # <>l-8-*H ^*3*Rr 3* ^ 

^Xl U-^(^7H, c=H(TSK||A), TSK=H(K' I 10), K=[V" 1 (Y)]x ) K'=H(K| lg x 
MgylllDuserlllDserver). 



10] 

XI 1 &<>H, 

#7} -&*fl -g-XH 7]^*V ^-f ^"71 sfl^S- Sj-o]*} 

1- [V^tfCP+l)" 1 ] 2 mod n, V 2 =[f(P+2)- 1 ] 2 mod n, V 3 =[f (P+3)- 1 ] 2 mod n, .... 
V^tfCP+k)- 1 ] 2 mod n, V=H(Vi,V 2 . ...,V k )]S *Rr f^AS. rflgj-^ 

^.g. ol-g-^ sfl^iE. 7111 Si ol^ ^ 71 ££If ^Xl y <HK<^ 
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7}*], n=p*q(p, RSA -L^), f(P)^ sfl^IEL P# lg(n)bit^ M^rfe tHr 
11] 

*l] 1 SE^r ^1 10 &°H, 
^"71 ^3*} ^(B)# 

B = r*f] f ( p + i ) Ci 

i=U 

SLsL S>fe %-§r ^ JliU s}^ tfls^ ^ xl^l ^ o. o)^J- sfl^JEL 7l 
ti>o] a]^ ^ 7l ^ sr^.^^. ^(^H, C =H(TSK||A), TSK=H(K' I 10) , 

K=[V" 1 (X)]y, K'=H(Kl lg x l lgy| I IDuserl I IDserver , , H( )tt Sfl^^r^). 

12] 

11 91°]*), 

^7} ^-2]^ ^(B)^ 



2fl^^H 7}*V$) ^ f] ^711 «j-^(^7lA^ C =H(TSK||A), 



A=B 2 *[]V>odn 
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TSK=H(K' | 10), K=[V- 1 (Y)] X , K'=H(K| |g x | | g y| I ID User I I ID Server , Cj^ i#*fl 



131 

^-71 A^ 7 > A>-g-7H]7fl #^*Rr ^ ^SS\. A>-g-7> 

uYo] ol^sL igO-S.^ A>^^^- ^ ^ 0.3. tfl^ ^ 
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[5- 1] 



. owFfe Et»St+ 

• r. sfc aa^ns §21 as 

6ft 31 



• f(p)b pi owFsi a»sioi 

£ k3f?fc 84*. 

• V(x)b xS 31 vk Ssaofe 84- 

• H(x)fc 9141 84 



100 



50, 



/Ig^rtsefASJO 

101 <^(101a) 

l«101bk6« 



103 V m /dH2!§as, a 

83 S8Sa.(103a) 
TSftHWIO), 
caH(TSK||A))a^ *, 
B6 S*eCM103b) 
. Md3l SKI M 
V SKsH(K1|A||B||2)(103c) 



ID Usw ,AsOWF(r),X=V(g») 



102' 



Auth=H(IC||1) l Y=V(gy) 



B 



104-| 



-60 



V=OWF(f(P)) 



Auths m 

•C»H(K||9'«||ff'||ID 0Mf ||ID SOT J 
K«[V- 1 (X)]»(102a) 

2!i4ySgaY5:Htf(102b) 

yeG 



c,VA5 OlgSHAI B5SS 

«s»a ah 7} at 

8S, 081 SS!(104a) 
SK*H(K>||A||B||2)(104b) 
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[51 2] 



•(B»p»q(p,qfclWAi:^),e(^4') ) «f(P)fc HH±*t£ PB lg(n) bits &a 

v • V(x)fc xS 31 VS SaSWfc 

> • gfcC2| ^^^| . H(x)fc 



50- 



200 



201<fch(201a),reZ; 

ag*xBS2( XS 3J 

UM201b)^eG 



203-/ 



Autha a#eo. as 

SB S«fiO.(203a) 
T3K-H(IC||0), 
caH(TSKl|A)3lltt 
BBSS (203b) 
Allfi 91 8KB 3BdK203c) 
SK»H(IC||A||B||2) 



IDumti Anr e mod n, X=V(g*) 



202 



Auth=H(KM|1), Y»V(g*) 



■-r*f(Pf mod n 



204 



AHtH 



60 



V=[f(P)" 1 ] mod n 

Autha JM (202a) 
K»=H(K||tf1l9»l|IO UMf ||ID^ r ) 

aS^ya 32} YB 30 th (202b) 
y eG 



' B e *V c »A mod n 9 OISSHB 

S, QSS S«(204a) 
All 31 SK9 311 (204b) 
SK-H(IC||A||B||2) 
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IS. 3] 



• f(p)b ffl^E PS lfl(q) MtS kSI 



50— j ~ 



x • Oh r SEfc EfSR£3B S2| 52 • V(x)fc xB 3| VS gfiaCfb 8* 
r> $*3S,9fc02|aa?| . H(x)h «H4l84» 



30 



300 



303 



tK301a).re2; 
184x8 321X8 31 

.4K301b).xeG 



AuthS2§S3 

88 28 (303a). 
TSK«H(K>||0), 
c»H(TSK]|A)W *, 
BB 3$(303b). 
AIA3I 3KB 3fl6K303c) 
SK-H(IC||A||B||2) 



ID^ iw mod p, X»V(tf«) 



302 



AuthaH(K*||1), Y=V(gy) 



B=rff(P)*c mod q 



304 



{ 



60 



V=a _,(p) mod p 



AuthB 7lt±. 
■CoH(K)|tf<||«'UID WMr l|ID taOTr ) 
Ks[Vi(X))r (302a) 
B!B4>y»S»Y»3ll*K302b) 
y eG 



' •■*V=A mod p 3 0| 1 SH M 3 

5, CJS8 S8(304a) 
AJ/S3I SKS SI ^ (304b) 
8K-H(K>||A||B||2) 
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4] 



50^ 



• n»p*q(p,qbl»SA±40 • f( p )fc JH£*IE PS lg(n) bits kSI 

• 6t r_ sEt as^fina sai ?t b*. 

na • v(x)b xa 3i vs 

• gfe «2|£|g3| . H(x)fc 



40 



400 



s<e4>r3 9e}Aa^i 

tf(401a)reZ;, 

?Hg4»xasaxa3i 

tf(401b)xeG 



403 



i 



K=rV-i(Y)I*3 SB 

Autha asaw. as 

88 S8 (403a) 
TSK»HdC||0), 
c=H(TSKl|A)3S<y *, 
BBSS (403b) 
Afld3| SKa 30&K4O3C 
SK»H(ie||A||B||2) 



ID^ A=r2 mod n, X=V(g") 



Autha 31^ 
402 /TlCoHdqiglltflllD^IIID^) 
Auth=H(IC||1), Y»V(gy) 1 RifVW(4Q2a) 

v|a«+»aaaY»3i4K402b) 

y eG 



B = r*n*(S + i) e ' 



l=],k 



404 ^ 



V+rWP+O" 1 ] modn 
V + ^[f(P+2) H ] 2 mod n 
V +3 =[f(P+3) _1 ] 2 mod n 
V, -[f(P+k)" 1 ] 2 modn 
V=H(V,V 2 ...,V k ) 



A = B l *fIV. ei modnS 

Bfi!5as,as«a«ffa. 

(404a) 

md\ SK8 Xt* (404b) 
8K-H(K>||A||B||2) 
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